As announced by the Department
of Information and Communications Technology (DICT), cybersecurity training is
required for government organisations with citizen-facing applications to
maximise the protection of government applications and databases.
12 sessions of cybersecurity training
started on 19 May 2018 to maximise the protection of government applications
and databases. The DICT will run the security training sessions until 18 August
2018. These sessions will be held at the Audio-Visual Room of the DICT Building
in Diliman, Quezon City from 9 am to 1 pm.
Participation is required in the
training programme for government organisations with citizen-facing
applications to protect and secure their systems before they are allowed to
integrate with GOV.PH or the National
Government Portal (NGP).
GOV.PH is the planned single portal for
the whole of government. It is envisioned as a one-stop gateway uniting all
web-based government content to maximise efficiency and provide rapid, high
quality service to citizens. This effectively allows for reduction of costs as
opposed to maintaining multiple systems.
This means access to reliable
government online services and information. This also lessens the need for
citizens to physically go to government offices or visit different government
agency websites to perform typical transactions.
Each of the training sessions is
expected to be at least three hours in duration. There will be a lecture period, a
workshop session, and a question-and-answer portion. Network engineers,
programmers and database administrators of government agencies are the required
participants.
Some of the lecture topics lined up for
the training are Security Overview and Critical Security Controls, Web
Application Security, Common Application Vulnerabilities, Secure Coding Best
Practices, Network Mapping, and Wireless Security.
Cybersecurity consultants Raymond Nunez
and Ian Christopher Tisang will be the speakers for the duration of the
training.
The activity is an initiative of the NGP
project, under the supervision of DICT Undersecretary for Developmental and
Innovations Engr. Denis F. Villorente, which aims to improve cybersecurity
within the country.
A recent cybersecurity forum classified
the Philippines as “D” on a scale of A to E, with “A” as the highest in terms
of cybersecurity maturity.
Several
definitions of the five levels of Cybersecurity Maturity can be found. For a
better understanding of each, a brief explanation is given.
(1) Level 1: Initial – Information Security processes are ad hoc and
disorganised. Processes may also be considered unstructured. Success is likely
to depend on individual efforts and is not considered to be repeatable or
scalable. This is because processes would not be sufficiently defined and
documented to allow them to be replicated.
(2) Level 2: Repeatable – Information Security
efforts follow a regular pattern. Processes are at a repeatable level where
basic project management techniques are established and successes can be
repeated. This is due to processes being established, defined, and documented.
(3) Level 3: Defined – Information
Security efforts have greater attention to documentation, standardisation, and
maintenance support. Processes are documented and communicated.
(4) Level 4: Managed – Processes are
monitored and measured. At this level, an organisation monitors and controls
its own Information Security processes through data collection and analysis.
(5) Level 5: Optimised – This is an optimising level where Information Security processes
are constantly being improved through monitoring feedback from existing processes
and introducing new processes to better serve the organisation’s particular
needs. At this level, best practices are followed and automated.